
Details

The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The libsndfile packages provide a library for reading and writing sound files.

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the libsndfile library processed certain Ensoniq PARIS Audio Format (PAF) audio files. An attacker could create a specially-crafted PAF file that, when opened, could cause an application using libsndfile to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2011-2696)

Users of libsndfile are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications using libsndfile must be restarted for the update to take effect.
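To find the processes that still need that restart after the update, one check is to look for mappings of a libsndfile file that has since been replaced on disk, which Linux marks "(deleted)" in /proc/PID/maps. This is an added example, not part of the Red Hat advisory; the function names are hypothetical, and it assumes a Linux /proc and root privileges to read other users' maps.

```shell
#!/bin/sh
# Added example (not from the advisory): list processes that still map a
# libsndfile copy that was replaced on disk by the package update.

# stale_libsndfile (hypothetical name): reads /proc/PID/maps-format text on
# stdin and prints each distinct libsndfile path whose mapping is marked
# "(deleted)". Exit status 0 if at least one was found, 1 otherwise.
stale_libsndfile() {
    awk '
        /libsndfile\.so/ && /\(deleted\)$/ {
            # Field 6 is the mapped pathname; report each path once.
            if (!seen[$6]++) { print $6; found = 1 }
        }
        END { exit !found }
    '
}

# scan_proc (hypothetical name): walks every PID under /proc and prints
# "PID<TAB>command<TAB>stale path" for each process that needs a restart.
scan_proc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        # Processes may exit or be unreadable mid-scan; skip them quietly.
        libs=$( { stale_libsndfile < "$maps"; } 2>/dev/null ) || continue
        comm=$(cat "/proc/$pid/comm" 2>/dev/null)
        printf '%s\t%s\t%s\n' "$pid" "$comm" "$libs"
    done
}

scan_proc
```

An empty result means no running process still maps the pre-update library; processes that load libsndfile only on demand will not appear until they do so.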

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.